Our users sign on their workstations using their Active Directory ID. For our SSO solution we've always used the old 10gR2 32-bit Oracle HTTP Server (Apache 1.3) with NTLM to get the Active Directory user name and feed that name into a sentry page function which looks the name up in a security database.

We're wanting to move to 11gR2 64-bit on Windows2008 with GlassFish Server 3.1.2 and Apex Listener 1.1.3. But I can't find a practical open source SSO solution for this new environment that would match what we're able to do with our old set up described above.

What is the most practical open source SSO solution for our new environment?